One of our marketing people just sent this to me. It's a paper produced
by PayPal about their success fighting phishing via their deal with Yahoo!
to have them discard any mail from paypal.com that wasn't signed or
whose signature doesn't verify.
http://www.blackops.org/~msk/paypal-phi
Sorry, I wasn't done yet.
The main reason I wanted to share this with the working group is to point
out that we got some confused people at RSA asking us why we're going with
DKIM and not DomainKeys in light of the content of this paper.
I wonder if it would be prudent to (somehow) make a state
On 4/11/08 10:36 AM, "Murray S. Kucherawy" <[EMAIL PROTECTED]> scribbled:
> Sorry, I wasn't done yet.
>
> The main reason I wanted to share this with the working group is to point
> out that we got some confused people at RSA asking us why we're going with
> DKIM and not DomainKeys in light of th
Powers, Jot wrote:
> We're moving to support DKIM and DK. Our mail appliance vendor didn't
> support dual signing until recently, and given that our published agreements
> we need to be able to do both.
Jot,
Within the DKIM community, I suspect there wasn't a question about Paypal's
intent.
On 4/11/08 12:11 PM, "Dave Crocker" <[EMAIL PROTECTED]> scribbled:
>
> Powers, Jot wrote:
>> We're moving to support DKIM and DK. Our mail appliance vendor didn't
>> support dual signing until recently, and given that our published agreements
>> we need to be able to do both.
>
> Jot,
>
> Withi
In some of my talks, I sometimes refer to DKIM as "DomainKeys Version
2". This gets people thinking in the right frame of mind as to their
relationship.
Tony Hansen
[EMAIL PROTECTED]
Murray S. Kucherawy wrote:
> Sorry, I wasn't done yet.
>
> The main reason I wanted to share th
Tony Hansen wrote:
> In some of my talks, I sometimes refer to DKIM as "DomainKeys Version
> 2". This gets people thinking in the right frame of mind as to their
> relationship.
Yep, this seems to always make things clearer (though I call it version
3.)
What hasn't been mentioned yet in this thr
At 11:19 11-04-2008, Powers, Jot wrote:
> >From [EMAIL PROTECTED] Fri Apr 11 10:54:13 2008
And a funny thing happened on this mailing list. This email came
through without a DomainKeys or DKIM signature.
Should the receiving MTA pass the message to this passive user or
reject it? I'm ignorin
Tony Hansen wrote:
> In some of my talks, I sometimes refer to DKIM as "DomainKeys Version
> 2". This gets people thinking in the right frame of mind as to their
> relationship.
Not only are you correct, but strictly speaking, RFC 4871 documents DomainKeys,
version *4*.
The current version
FWIW, having dkim.org and mipassoc.org do DKIM signing is in the queue. No
schedule, though.
d/
SM wrote:
> At 11:19 11-04-2008, Powers, Jot wrote:
>> >From [EMAIL PROTECTED] Fri Apr 11 10:54:13 2008
>
> And a funny thing happened on this mailing list. This email came
> through without a Do
By the way, how many angels /can/ dance on the head of a pin, anyway?
eric
--On April 11, 2008 1:12:00 PM -0700 Dave Crocker <[EMAIL PROTECTED]>
wrote:
>
>
> Tony Hansen wrote:
>> In some of my talks, I sometimes refer to DKIM as "DomainKeys
>> Version 2". This gets people thinking in the ri
Eric Allman wrote:
> By the way, how many angels /can/ dance on the head of a pin, anyway?
Apparently more than people who can appreciate relative (im)maturity of a
technical effort and how it should affect work on it.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
__
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:ietf-dkim-
> [EMAIL PROTECTED] On Behalf Of Eric Allman
> Sent: Friday, April 11, 2008 4:21 PM
> To: ietf-dkim@mipassoc.org
> Subject: Re: [ietf-dkim] A funny thing happened at RSA...
>
> By the way, how ma
I was at Michael Barrett's (PayPal CISO) talk yesterday morning. He
said that the early gains they have made have been with DomainKeys, but
said quite clearly that "the future is definitely with DKIM" (or words
to that effect).
He said that Yahoo! had blocked 50 million messages allegedly from
Jim Fenton wrote:
> He said that Yahoo! had blocked 50 million messages allegedly from
> paypal.com as a result of the lack of a signature.
Can Yahoo! or Paypal comment on whether the protection is for specific, names
or
whether it is by sub-tree?
How does Yahoo! know the list of domain nam
On 4/11/08 2:05 PM, "Dave Crocker" <[EMAIL PROTECTED]> scribbled:
> Jim Fenton wrote:
>> He said that Yahoo! had blocked 50 million messages allegedly from
>> paypal.com as a result of the lack of a signature.
>
>
> Can Yahoo! or Paypal comment on whether the protection is for specific, names
>
One more question: what is Yahoo! looking at to determine "allegedly
from paypal.com"? My guess is some subset of the From: header field, the
Sender: header field, the Reply-To: header field, the 821.MailFrom
return path, the Resent-From: header field, the Resent-Sender: header
field, or do the
On 4/11/08 6:07 PM, "Tony Hansen" <[EMAIL PROTECTED]> scribbled:
> One more question: what is Yahoo! looking at to determine "allegedly
> from paypal.com"? My guess is some subset of the From: header field, the
> Sender: header field, the Reply-To: header field, the 821.MailFrom
> return path, the
On Fri, 2008-04-11 at 12:18 -0700, SM wrote:
> At 11:19 11-04-2008, Powers, Jot wrote:
> > >From [EMAIL PROTECTED] Fri Apr 11 10:54:13 2008
>
> And a funny thing happened on this mailing list. This email came
> through without a DomainKeys or DKIM signature.
>
> Should the receiving MTA pass
19 matches
Mail list logo